Manage data usage policies in the UI user-guide

This document covers how to use the Policies workspace in the Adobe Experience Platform UI to create and manage data usage policies.

NOTE
For information on how to manage access control policies in the UI, refer to the attribute-based access control UI guide instead.
IMPORTANT
All data usage policies (including core policies provided by Adobe) are disabled by default. In order for an individual policy to be considered for enforcement, you must manually enable that policy. See the section on enabling policies for steps on how to do this in the UI.

Prerequisites

This guide requires a working understanding of the following Experience Platform concepts:

View existing policies view-policies

In the Experience Platform UI, select Policies to open the Policies workspace. In the Browse tab, you can see a list of available policies, including their associated labels, marketing actions, and status.

If you have access to consent policies, select the Consent policies toggle to view them in the Browse tab.

Select a listed policy to view its description and type. If a custom policy is selected, additional controls are displayed to edit, delete, or enable/disable the policy.

Create a custom policy create-policy

To create a new custom data usage policy, select Create policy in the top-right corner of the Browse tab in the Policies workspace.

Depending on whether you are part of the beta for consent policies, one of the following occurs:

NOTE
Consent policies are currently only available for organizations that have purchased Adobe Healthcare Shield or Adobe Privacy & Security Shield.

Governance and consent policies can be used together to create robust rules for governing audiences mapped to a destination. Consent policies are inclusive in nature, meaning they dictate which profiles can be included in each marketing experience. Conversely, governance policies exclude the use of specific labelled attributes from being configured for activation.

By using this behavior, you can set up a combination of policies and consent rules that include the correct profiles, but prevents you from including data that goes against your set organizational rules. An example scenario would be, where you want to exclude sensitive data from being included but are still able to target consented users for marketing via social media. The necessary steps for this scenario are outlined in the infographic below.

An infographic outlining the steps to use governance and consent policies together to create robust rules for governing audiences.

Create a data governance policy create-governance-policy

The Create policy workflow appears. Start by providing a name and a description for the new policy.

Next, select the data usage labels that the policy will be based on. When selecting multiple labels, you are given the option to choose whether the data should contain all the labels or just one of them in order for the policy to apply. Select Next when finished.

The Select marketing actions step appears. Choose the appropriate marketing actions from the provided list, then select Next to continue.

NOTE
When selecting multiple marketing actions, the policy interprets them as an “OR” rule. In other words, the policy applies if any of the selected marketing actions are performed.

The Review step appears, allowing you to review the details of the new policy before creating it. Once you are satisfied, select Finish to create the policy.

The Browse tab reappears, which now lists the newly created policy in “Draft” status. To enable the policy, see the next section.

IMPORTANT
Consent policies are only available for organizations that have purchased Adobe Healthcare Shield or Adobe Privacy & Security Shield.

If you chose to create a consent policy, a new screen appears that allows you to configure the new policy.

In order to make use of consent policies, you must have consent attributes present in your profile data. See the guide on consent processing in Experience Platform for detailed steps on how to include the required attributes in your union schema.

Consent policies are comprised of two logical components:

  • If: The condition that will trigger the policy check. This can be based on a certain marketing action being performed, the presence of certain data usage labels, or a combination of the two.
  • Then: The consent attributes that must be present for a profile to be included in the action that triggered the policy.

Under the If section, select the marketing actions and/or data usage labels that should trigger this policy. Select View all and Select labels to view the full lists of available marketing actions and labels, respectively.

Once you have added at least one condition, you can select Add condition to continue adding further conditions as necessary, choosing the appropriate condition type from the dropdown.

If you select more than one condition, you can use the icon that appears between them to switch the conditional relationship between “AND” and “OR”.

Under the Then section, select at least one consent attribute from the union schema. This is the attribute that must be present in order for profiles to be included in the action governed by this policy. You can choose one of the provided options from the list, or select View all to choose the attribute directly from the union schema.

When selecting the consent attribute, choose the values for the attribute that you want this policy to check for.

After you have selected at least one consent attribute, the Policy properties panel updates to show the estimated number of profiles that would be allowed under this policy, including the percentage of the total Profile store. This estimation automatically updates as you adjust the policy configuration.

To add further consent attributes to the policy, select Add result.

You can continue adding and adjusting conditions and consent attributes to the policy as needed. When you are satisfied with the configuration, provide a name and optional description for the policy before selecting Save.

The consent policy is now created, and its status is set to Disabled by default. To enable the policy right away, select the Status toggle in the right rail.

Verify policy enforcement

After you have created and enabled a consent policy, you can preview how it affects your consented audiences when activating segments to destinations. See the section on consent policy evaluation for more information.

Enable or disable a policy enable

All data usage policies (including core policies provided by Adobe) are disabled by default. For an individual policy to be considered for enforcement, you must manually enable that policy through the API or UI.

You can enable or disable policies from the Browse tab in the Policies workspace. Select a custom policy from the list to display its details on the right. Under Status, select the toggle button to enable or disable the policy.

View marketing actions view-marketing-actions

In the Policies workspace, select the Marketing actions tab to view a list of available marketing actions defined by Adobe and your own organization.

Create a marketing action create-marketing-action

To create a new custom marketing action, select Create marketing action in the top-right corner of the Marketing actions tab in the Policies workspace.

The Create marketing action dialog appears. Enter a name and description for the marketing action, then select Create.

The newly created action appears in the Marketing actions tab. You can now use the marketing action when creating new data usage policies.

Edit or delete a marketing action edit-delete-marketing-action

NOTE
Only custom marketing actions defined by your organization can be edited. Marketing actions defined by Adobe cannot be changed or deleted.

In the Policies workspace, select the Marketing actions tab to view a list of available marketing actions defined by Adobe and your own organization. Select a custom marketing action from the list, then used the provided fields in the right-hand section to edit the marketing action’s details.

If the marketing action is not being used by any existing usage policies, you can delete it by selecting Delete marketing action.

NOTE
Attempting to delete a marketing action that is being used by an existing policy causes an error message to appear, indicating that the delete attempt failed.

Next steps

This document provided an overview of how to manage data usage policies in Experience Platform UI. For steps on how to manage policies using the Policy Service API, see the developer guide. For information on how to enforce data usage policies, see the policy enforcement overview.

The following video provides a demonstration of how to work with usage policies in the Experience Platform UI:

Transcript
In this video, I’ll show you how to manage data usage policies in Adobe Experience Platform. I’ll show you how to view policies provided out-of-the-box and how to create custom policies based on your usage needs. Data usage policies allow you to restrict data usage for specific purposes based on the classification of data. Two constructs are provided that act as building blocks: governance labels and marketing actions. First, let’s look at the policies provided out-of-the-box. Navigate to the Platform interface and click the Policies tab on the left under the Privacy section. Here you can see the list of all data usage policies available. The Owner column indicates who created the policy, such as these out-of-the-box policies provided by Adobe. Think of these Adobe-provided policies as a starting point capturing some common use cases for restricting data usage and are based on the labels and marketing actions also provided out-of-the-box. Any org enabled for policy enforcement will have these policies available for use and activated. To create a new policy, let’s click the Create Policy button at the top of the page. This allows you to create new policies based on your specific compliance needs for restricting data usage. The first step in the policy creation workflow allows you to provide a friendly name and description. Let’s say you want to prevent using precise geolocation data or other directly identifiable data for onsite targeting purposes. The next step allows you to select the labels reflecting the data classification for which this policy will be applicable. Given our use case, I’m selecting the S1 label to capture precise geolocation data and a more general I1 label to capture directly identifiable data. Note that you have to separately use these labels to classify the data you bring into Platform for the policy to be applicable. Using the switcher on the right, you can choose whether the data requires both of these labels or just either one for usage to be restricted. This translates into an and-or-or expression respectively in the rule builder. In the third step, you choose the marketing actions that should be restricted if data contains the labels we just selected. Since we want to prevent all forms of onsite targeting, I’ll select both onsite advertising and onsite personalization, which is interpreted as an or expression by the rule builder. Note that the marketing actions you choose here should be consistent with the actions registered by the downstream applications and services where the data usage happens. The final step shows a summary for you to review before the policy is created. Click Save and you’ll be redirected to the Policy List page where you can see the new created policy. An overview of the policy is provided when you click the policy in the list. Here you have the option to disable the policy so that it’s not considered for enforcement in Platform workflows. Additionally the Edit button allows you to go back to the authoring workflow and make any changes after creation. You should now be able to manage data usage policies on Platform, including viewing available policies and creating new policies as needed. -
recommendation-more-help
834e0cae-2761-454a-be4d-62f0fd4b4456